
RSA_SIGN_HASH()

PSS encodes a message hash and signs it with an RSA private key

Result type

VARBINARY

Syntax
RSA_SIGN_HASH (message_digest
  KEY private_key
  [HASH <hash>] [SALT_LENGTH salt_length]
  [PKCS_1_5])

<hash> ::= MD5 | SHA1 | SHA256 | SHA512
Table 1. RSA_SIGN_HASH Function Parameters
Parameter Description

message_digest

Hash of the message to sign. The algorithm used to produce it should match the hash parameter.

private_key

RSA private key in PKCS#1 format

hash

Hash used to generate the PSS encoding; default is SHA256. This should be the same hash as used to generate message_digest.

salt_length

Length of the desired salt in bytes; default is 8; minimum 1, maximum 32. The recommended value is between 8 and 16.

RSA_SIGN_HASH performs PSS encoding of the message_digest to be signed, and signs using the RSA private key.

By default, PSS padding is used. The PKCS_1_5 option will switch to the less secure PKCS 1.5 padding.

Warning

The PKCS_1_5 option is only for backward compatibility with systems applying PKCS 1.5 padding. For security reasons, it should not be used in new projects.

Caution

This function expects the hash of a message (or message digest), not the actual message. The hash argument should specify the algorithm that was used to generate that hash.

A function that accepts the actual message to hash might be introduced in a future version of Firebird.

PSS encoding

Probabilistic Signature Scheme (PSS) is a cryptographic signature scheme specifically developed to allow modern methods of security analysis to prove that its security directly relates to that of the RSA problem. There is no such proof for the traditional PKCS#1 v1.5 scheme.
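To make the PSS encoding step concrete, and to show why the hash and salt_length arguments must agree on both the signing and the verifying side, here is an added example in Python. It is not Firebird's code: it implements EMSA-PSS encoding and verification as specified in RFC 8017 section 9.1 with the standard library only, and stops before the private-key RSA operation that RSA_SIGN_HASH applies to the encoded message. The message, the 2048-bit modulus size and the helper names (mgf1, emsa_pss_encode, emsa_pss_verify, demo) are assumptions made for the example.

```python
# Added example (not Firebird's implementation): EMSA-PSS encode/verify per
# RFC 8017 section 9.1. Produces the encoded message EM that a signer would
# then run through the RSA private-key operation; that step is omitted here.
import hashlib
import hmac
import os
from typing import Optional


def mgf1(seed: bytes, mask_len: int, hash_name: str) -> bytes:
    """MGF1 mask generation function (RFC 8017 appendix B.2.1)."""
    h_len = hashlib.new(hash_name).digest_size
    out = b""
    for counter in range((mask_len + h_len - 1) // h_len):
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]


def emsa_pss_encode(m_hash: bytes, em_bits: int, hash_name: str = "sha256",
                    salt_len: int = 8, salt: Optional[bytes] = None) -> bytes:
    """Encode an already-computed message digest; em_bits is modBits - 1."""
    h_len = hashlib.new(hash_name).digest_size
    if len(m_hash) != h_len:
        # The digest was made with a different algorithm than the one named here
        raise ValueError("message_digest length does not match the named hash")
    em_len = (em_bits + 7) // 8
    if em_len < h_len + salt_len + 2:
        raise ValueError("encoding error: modulus too small for hash plus salt")
    if salt is None:
        salt = os.urandom(salt_len)            # fresh random salt: PSS is probabilistic
    m_prime = b"\x00" * 8 + m_hash + salt
    h = hashlib.new(hash_name, m_prime).digest()
    ps = b"\x00" * (em_len - salt_len - h_len - 2)
    db = ps + b"\x01" + salt
    db_mask = mgf1(h, em_len - h_len - 1, hash_name)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the unused leftmost bits
    return bytes(masked_db) + h + b"\xbc"


def emsa_pss_verify(m_hash: bytes, em: bytes, em_bits: int,
                    hash_name: str = "sha256", salt_len: int = 8) -> bool:
    """Check an encoded message; hash and salt length must match the signer's."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if len(m_hash) != h_len or len(em) != em_len or em_len < h_len + salt_len + 2:
        return False
    if em[-1] != 0xBC:
        return False
    masked_db, h = em[: em_len - h_len - 1], em[em_len - h_len - 1 : -1]
    unused_bits = 8 * em_len - em_bits
    if masked_db[0] & ~(0xFF >> unused_bits) & 0xFF:
        return False                            # leftmost bits must be zero
    db_mask = mgf1(h, em_len - h_len - 1, hash_name)
    db = bytearray(a ^ b for a, b in zip(masked_db, db_mask))
    db[0] &= 0xFF >> unused_bits
    ps_len = em_len - h_len - salt_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False                            # PS must be all zero, then 0x01
    salt = bytes(db[ps_len + 1 :])
    h_prime = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    return hmac.compare_digest(h, h_prime)


def demo() -> dict:
    """Round trip with Firebird's defaults (SHA256, salt length 8) and mismatches."""
    message = b"Test message"                   # constructed sample input
    digest = hashlib.sha256(message).digest()   # what crypt_hash(... using sha256) yields
    em_bits = 2047                              # emBits = modBits - 1 for a 2048-bit key
    em = emsa_pss_encode(digest, em_bits, "sha256", salt_len=8)
    tampered = em[:-2] + bytes([em[-2] ^ 0x01]) + em[-1:]   # flip one bit of H
    try:
        emsa_pss_encode(hashlib.sha1(message).digest(), em_bits, "sha256")
        digest_mismatch_rejected = False
    except ValueError:
        digest_mismatch_rejected = True
    return {
        "valid": emsa_pss_verify(digest, em, em_bits, "sha256", 8),
        "wrong_salt_length": emsa_pss_verify(digest, em, em_bits, "sha256", 16),
        "wrong_hash": emsa_pss_verify(hashlib.sha1(message).digest(), em, em_bits, "sha1", 8),
        "tampered": emsa_pss_verify(digest, tampered, em_bits, "sha256", 8),
        "digest_mismatch_rejected": digest_mismatch_rejected,
        "em_len": len(em),
    }


if __name__ == "__main__":
    print(demo())
```

The demo encodes the SHA256 digest of the message with the default salt length of 8 and then verifies it once correctly and three times with a mismatch: a verifier that assumes salt length 16 fails at the PS/0x01 boundary, a verifier that assumes SHA1 fails because the mask and trailer hash no longer line up, and a single flipped bit in H fails the final hash comparison. Passing a SHA1 digest while naming SHA256 is rejected before encoding, which is the mistake the Caution above warns about.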

RSA_SIGN_HASH Examples

Tip

Run the example of the RSA_PRIVATE function first; it stores the generated key in the private_key context variable that this example reads.

select rdb$set_context('USER_SESSION', 'msg',
  rsa_sign_hash(crypt_hash('Test message' using sha256)
    key rdb$get_context('USER_SESSION', 'private_key'))) from rdb$database;